APPENDIX 4 



r* 

* IPS VPN Tunnel update functions 

* @file updatejunnels.h 

* ©author jmccaskey 
*/ 

#ifndef UPDATE_TUNNELS H 

#define UPDATE_TUNNELS H 

#include "snmpwalk.h" 

r 

* Function to update all tunnel related ids for a specific device. 

* The function will find any tunnels involving the device using the passed MySQL connection and 

* then perform the neccesary walking and matching to update the tunnel index ids 

* in the database. 
*/ 

int update_tunnels(struct ips_device 'device, MYSQL *mysql_connection); 
#include "update Junnels.c" 



#endif 



r* 

* IPS VPN Tunnel update functions 

* @file update_tunnels.c 

* ©author jmccaskey 
7 

/** 

* Function to update all tunnel related ids for a specific device. 

* The function will find any tunnels involving the device using the passed MySQL connection and 

* then perform the neccesary walking and matching to update the tunnel index ids 

* in the database. 
V 

int update_tunnels(struct ipsjjevice *device s MYSQL *mysql_connection) { 
MYSQLRES *result; 
MYSQL_ROW row; 
char *sql_query; 
int n; 

assert(sql_query=malloc(2500)); 

n=snprintf(sql_query, 2500, "SELECT tunnel.tunneljd, tunnel.tunneLserverjd, 

tunneLside_one.tunnel_entryjd as tunnel_entryjdJocal, " 

"tunnel_side_one.tunnel_entry_serverjd as tunnel_entry_server_idJocal, " 
"tunnel_side_one.tunnel_sidejd as tunnel_sidejdJocal, " 
"tunnel_sidej)ne.tunneLside_serverjd as tunneLside_serverjdJocal, " 
"tunnel_side_one.sa_id as sajdjocal, tunnel_side_two.tunnel_side_id as 

tunnel_side_id_remote, " 

M tunnel_sideJwo.tunnel_side_serverjd as tunnel_side_server_id_remote, 

tunneLsideJwo.sa_id as sa_id__remote, " 

"tunnel_side_two.tunnel_entry_id as tunnel_entry_id j*emote, " 
O tunnel_side_two.tunnel_entry_server_id as tunnel_entry_server_id_remote, 

device_one.ip_address as ip_addressJocal, " 

"device_one.device_id as device jdjocal, device_one.device_serverjd as 

device_serverjdJocal, " 

"tunnel_entryj)ne.tunneLentry_type as tunnel_entry__type_local, " 
"tunneLentryJwo.tunnel_entry_type as tunnel_entry_type_remote, " 
"device_two.ip_address as ip_address_remote " 

"FROM tunnel, tunnel__side as tunnel_side_one, tunneLside as tunnel_side_two, 

ii 

"tunnel_entry as tunnel_entry_one, tunnel_entry as tunnel_entry_two, " 
"device as device_one, device as device_two " 
"WHERE tunnel_side_one.tunneljd = tunnel.tunneljd " 
"AND tunnel_side_one.tunnel_server_id = tunnel.tunneLserverjd " 
"AND tunneLside_two.tunneMd = tunnel.tunneljd " 
"AND tunnel_side_two.tunnel_serverjd = tunnel.tunneLserverjd " 
"AND NOT(tunnel_sideJwo.tunnel_sidejd = tunneLsidejDne.tunnel_sidejd " 
"AND tunneLside_two.tunnel_side_server_id = 
tunnel_side_one.tunnel_side_serverjd) " 

"AND tunneLside_one.tunneLentry_id=tunneLentry_one.tunnel_entryjd " 
"AND 

tunneLside_one.tunneLentry_serverjd=tunneLentry_one.tunnel_entry_serverjd " 

"AND tunneLside_two.tunnel_entry_id=tunneLentry_two.tunneLentryjd " 
"AND 

tunneLside_two.tunneLentry_serverjd=tunnel_entry_two.tunneLentry_serverjd " 

"AND tunneLentry_one.devicejd=device_one.devicejd " 
"AND tunneLentry_one.device_serverjd=device_one.device_server_id " 
"AND tunnel_entryJwo.devicejd=deviceJwo.device_id " 



"AND tunnel_enti7_two.device_serverjd=device_two.device_server_id " 
"AND device_one.device_id = %s " 

"AND device_one.device_serverjd=%s", device->devicejd, device- 

>device_server_id); 

//execute query 
if(mysql_real_query(mysql_connection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query for tunnels associated with device: Error: %s\n", 
timestamp, mysq!_error(mysql_connection)); 
funlockfile(stderr); 
free(sql_query); 

} 

free(sqLquery); 

//store results from last query into result 
result=mysql_storej , esult(mysql_connection); 
//setup snmp session options 
session = ips_snmp_sess_init(device); 

index_node *inode = NULL; 
//loop through each tunnel_side updating its ids 
whi!e(row=mysql_fetch_row( result)) { 
int n; 

char *start_oid, *sql_query; 
queue index_queue; 
queuejnit(&index_queue); 

/** Check what type of tunnel we are dealing with and call the walk function */ 
if(strcmp(row[15], "cisco_ipsec")==0) { 

//put each digit of the ip address into a seperate array element 
unsigned char ipaddress[4] = {0, 0, 0, 0}; 
if(row[17]!=NULL){ 

char delim[1 ] = {'/}; 
char *pos; 
pos = row[17]; 

//strsep is a gnu c specific extension... it replaces the non thread safe 

(and slower) strtok from ansi c... 

ipaddress[0] = atoi(strsep(&pos, delim)); 
ipaddress[1] = atoi(strsep(&pos, delim)); 
ipaddress[2] = atoi(strsep(&pos, delim)); 
ipaddress[3] = atoi(strsep(&pos, delim)); 

} 

assert(start_oid = malloc(200)); 

//walk the phase 1 oid 
snprintf(start_oid, 200, 
"cipSecPhaseOne.cikeTunnelTable.cikeTunnelEntry.cikeTunRemoteAddr l, ); 

ips_snmpwalk(device, row(15] t start_oid f ipaddress, &index_queue, 1); 
free(start_pid); 

//process the queue in order to get the phase 1 id 
int count = 0; 

while(index_queue.head != NULL) { 
if(count > 0) 

free(inode); 

inode = (index_node *) queue_get(&index_queue); 
++count; 



} 

//update the phase 1 id in db... 
assert(sqLquery = mailoc(800)); 
if(count > 0) { 

n=snprintf(sql_query, 800, "UPDATE tunnel_side SET " 

"session_id_one_previous = session_id_one, 

session_id_one = %d " 

''WHERE tunneLside_id = %s AND 

tunnel_side_serverjd = %s", 

inode->value, row[4], row[5]); 

} else { 

//there was nothing in the queue, so we know we didn't find a matching 



session id, insert NULL 

sessionjd_one = NULL " 
tunnel side server id = %s" 



n=snprintf(sql_query, 800, "UPDATE tunneLside SET " 

"session_id_one_previous = sessionjd _one, 



} 

free(inode); 



"WHERE tunneLsidejd = %s AND 
row[4], row[5]); 



//flockfile(stdout); 

//fprintf(stdout, "%s\n", sqLquery); 

//funlockfile(stdout); 

if(mysql_real_query(mysql_connection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to update tunnel_side: Error: 
%s\n", timestamp, mysqLerror(mysql_connection)); 

funlockfile(stderr); 
free(sql_query); 

} else { 

free(sql_query); 

} 

assert(start_oid = malloc(200)); 
//walk the phase 2 oid 
snprintf(start_oid, 200, 
"cipSecPhaseTwo.cipSecTunnelTable.cipSecTunnelEntry.cipSecTunRemoteAddr"); 

ips_snmpwalk(device l row[15], start_oid, ipaddress, &index_queue, 0); 
free(start_oid); 

//find all cisco phase 2 monitors related to this tunnel side so they can be updated 
assert(sql_query = malloc(IOOO)); 

n = snprintf(sql_query, 1000, "SELECT monitor.monitorjd, 
monitor.monitor_server_id " 

"FROM monitor_tunnel, monitor, metric, metric_snmp " 
"WHERE monitor_tunnel.tunnel_sidejd=%s AND 
monitor_tunnel.tunnel_side_serverjd=%s " 

"AND monitor.monitor_id=monitor_tunnel.monitor_id " 

"AND monitor.monitor_server_id=monitor_tunnel.monitor_server_id " 

"AND metric.metricjd=monitor.metricjd " 

"AND metric.metric - serverjd=monitor.metric_server_id " 

"AND metric.suite-snmp' " 



"AND metric_snmp.metricjd=metric.metric_id " 
"AND metric_snmp.metric_serverjd=metric.metric_serverjd " 
"AND metric_snmp. phase = 'two 1 
row[4], row[5]) ( 

if(mysqLreal_query(mysqLconnection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to find phase 2 monitors during 
tunnel update: Error: %s\n", timestamp, mysqLerror(mysql_connection)); 
funlockfile(stderr); 
free(sql_query); 
} else { 

free(sql_query); 

} 

MYSQL_RES *phase_two_result; 
MYSQL_ROW monitor_row; 

phase_two_result = mysql_store_result(mysql_connection); 

while(monitor_row=mysqLfetch_row(phase_two_result)) { 
char *sql_query_delete; 
int len; 

assert(sqLquery_delete = malloc(8000)); 

//additional where clauses will be appened as we go to avoid deleting the 

rows that are still in use... 

len = snprintf(sql_query_delete, 8000, "DELETE FROM 
monitor Junnel_cisco_j>hase_2 WHERE monitor jd=%s AND monitor_serverjd=%s", monitor_row[0], 
monitor__row[1]); 

inode = (index_node *) index_queue.head; 
while(inode != NULL) { 

//check if there is already a row for this session id value 

assert(sql_query = malloc(IOOO)); 

n=snprintf(sqLquery, 1000, "SELECT COUNTf) AS count 

FROM monitor tunnel_cisco_phase_2 " 

"WHERE monitor_id=%s AND 

monitor serverjd=%s" 

"AND phase_2_id=%d ", monitor jrow[0], 

monitor_row[1], inode->value); 

if(mysql_reaLquery(mysqLconnection t sqLquery, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query for phase 2 row count: Error: 
%s\n", timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 
free(sql_query); 

} else { 

free(sql_query); 

} 

MYSQL_RES *count_result; 
MYSQL_ROW count_row; 

count_result = mysql_store_result(mysql_connection); 

count_row - mysql_fetch_row(count_result); 

int row_count = atoi(count_rowt0]); 

mysql_free_result(countjresult); 

if(row_count < 1){ 

//there is no row for this session id, create one 
assert(sql_query = malloc(800)); 
n=snprintf(sql_query, 800, "INSERT INTO 



monitorJunnel_cisco_phase_2 " 

"(monitor jd, monitor_server_id, 

phase_2_id, counter, timestamp) M 

'VALUES (%s, %s, %d, 0, 0)", 
monitor_row[0], monitor_row[1], 

inode->value); 

if(mysqLreal_query(mysqLconnection, sql_query, n)!=0) 

{ 

flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to insert into 
monitor_tunnel_cisco_phase_2: Error: %s\n'\ timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 
free(sql_query); 
} else { 

free(sql_query); 

} 

} 

//update the delete query to not delete this row (since it still is in 

use) 

char *temp_string; 

temp_string = strdup(sql_query_delete); 
len = snprintf(sqLquery_delete, 8000, "%s AND 
NOT(phase_2_id=%d) temp_string, inode->value); 

free(temp_string); 

inode = (index_node *)inode->next; 

} 

//execute the delete for all rows for this monitor that were not still in use 
if(mysql_real_query(mysql_connection, sql_query_delete, len)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to delete old phase 2 rows: Error: 
%s\n M , timestamp, mysqLerror(mysql_connection)); 

funlockfile(stderr); 
free(sql_query_delete); 
} else { 

free(sql_query_delete); 

} 

} 

//cleanup the queue 
while(index_queue.head != NULL) { 

inode = (index_node *) queue_get(&index_queue); 

free(inode); 

} 

mysql_freejresult(phase_twoj-esult); 

} else if(strcmp(row[15], M netscreenjpsec")==0) { 
assert(start_oid = ma!loc(200)); 

//walk the phase 1 oid 

snprintf(start_oid, 200, "nsVpnMonTable.nsVpnMonEntry.nsVpnMonSald"); 
ips_snmpwalk(device, row(15], start_oid, row[6], &index_queue, 1); 
free(start_oid); 

//process the queue in order to get the phase 1 id 
int count = 0; 

whi!e(index_queue.head != NULL) { 



if(count > 0) 

free(inode); 

inode = (indexjtode *) queue_get(&index_queue); 
++count; 

} 

//update the phase 1 id in db... 
assert(sqLquery = malloc(800)); 
if(count > 0) { 

n=snprintf(sqLquery, 800, "UPDATE tunnel_side SET M 

"session jd_one_previous = session jd_one, session Jd_one = %d " 
"WHERE tunnel_sidejd = %s AND tunnel_side_server_id = %s", 
inode->value, row[4], row[5]); 

} else { 

//there was nothing in the queue, so we know we didn't find a matching session id, 

insert NULL 

n=snprintf(sql_query, 800, "UPDATE tunnel_side SET " 

"session jd_one_previous = session_id_one, session_id_one = NULL 

"WHERE tunnel_side_id = %s AND tunnel_side_server_id = %s", 
row[4], row[5]); 

} 

free(inode); 

//flockfile(stdout); 
//fprintf(stdout, "%s\n", sqLquery); 
//funlockfile(stdout); 

if(mysqLreal_query(mysqLconnection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to update tunnel_side: Error: 
%s\n", timestamp, mysql_error(mysqLconnection)); 
funlockfile(stderr); 
free(sqLquery); 
} else { 

free(sql_query); 



} else if(strcmp(row[15], "altigajpsec")==0) { 
assert(start_oid = malloc(200)); 

//walk the phase 1 oid 

snprintf(start_oid, 200, 
M alActiveSessionTable.alActiveSessionEntry.alActiveSessionlpAddress"); 

ips_snmpwalk(device t row[15], start_oid, row[17], &index_queue, 1); 
free(start_oid); 

//process the queue in order to get the phase 1 id 
int count = 0; 

while(index_queue.head != NULL) { 
if(count>0) 
free(inode); 

inode = (index_node *) queue_get(&index_queue); 
++count; 

} 



//update the phase 1 id in db... 
assert(sqLquery = malloc(800)); 
if(count > 0) { 

n=snprintf(sql_query, 800, "UPDATE tunnel_side SET " 

"session_id_one_previous = session_id_one, session_id_one = %d " 
"WHERE tunnel_sidejd = %s AND tunnel_side_server_id = %s M , 
inode->value, row[4], row[5]); 

} else { 

//there was nothing in the queue, so we know we didn't find a matching session id, 

insert NULL 

n=snprintf(sqLquery f 800, "UPDATE tunnei_side SET " 

"session_id_one_previous = sessionjd_one, session_id_one = NULL 

"WHERE tunnel_side_id = %s AND tunnel_side_server_id = %s", 
row[4], row[5]); 

} 

free(inode); 
//flockfile(stdout); 

//fprintf(stdout, "%s\n", sqLquery); 
//funlockfile(stdout); 

if(mysql_reaLquery(mysqLconnection, sqLquery, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to update tunnei_side: Error: %s\n", 
timestamp, mysql_error(mysqLconnection)); 

funlockfile(stderr); 
free(sql_query); 
} else { 

free(sql_query); 



} else if(strcmp(row[15], M ips_emulated")==0) { 
assert(start_oid = malloc(200)); 

//walk the phase 1 oid 

snprintf(start_oid, 200, "hrSWRunEntry.hrSWRunlndex"); 
ips_snmpwalk(device t row[15], start_oid, "25977", &index_queue, 1); 
free(start_oid); 

//process the queue in order to get the phase 1 id 
int count = 0; 

while(index_queue.head != NULL) { 
if(inode > 0) 
free(inode); 

inode = (index_node *) queue_get(&index_queue); 
++count; 

} 

//update the phase 1 id in db... 
assert(sql_query = malloc(800)); 
if(count > 0) { 

n=snprintf(sqLquery, 800, "UPDATE tunnel_side SET " 

"session_id_one ^previous = session_id_one, session_id_one = %d " 
"WHERE tunnel_sidejd = %s AND tunnel_side_server_id = %s", 
inode->value, row[4], row{5]); 



free(inode); 

} else { 

//there was nothing in the queue, so we know we didn't find a matching session id, 

insert NULL 

n=snprintf(sql_query, 800, "UPDATE tunneLside SET " 

"session_id_one_previous = session_id_one, session_id_one = NULL 

"WHERE tunnel_side_id = %s AND tunnel_side_serverjd = %s H , 
row[4], row[5]); 

} 

//flockfile(stdout); 

//fprintf(stdout, "%s\n", sql_query); 

//funlockfile(stdout); 

if(mysqLreaLquery(mysql_connection, sqLquery, n)!=0) { 
flockfile(stderr); 

fprintf(stderr f "%s: Failed executing query to update tunneLside: Error: %s\n", 
timestamp, mysql_error(mysqLconnection)); 

funlockfile(stderr); 
free(sqLquery); 
} else { 

free(sql_query); 



assert(start_oid = malloc(200)); 
//walk the phase 2 oid 

snprintf(start_oid, 200, "hrSWRunEntry.hrSWRunName"); 

ips_snmpwalk(device, row[15], start_oid, TapacheV", &index_queue, 0); 
free(start_oid); 

//find all cisco phase 2 monitors related to this tunnel side so they can be updated 
assert(sql_query = malloc(IOOO)); 

n = snprintf(sql_query, 1000, "SELECT monitor. monitor jd, monitor. monitor_serverjd " 

"FROM monitor Junnel, monitor, metric, metric_snmp " 
"WHERE monitor Junnel.tunnel_side_id=%s AND 
monitorJunnel.tunneLside_server_id=%s " 

"AND monitor.monitorjd=monitor_tunnel.monitorjd " 
"AND monitor.monitor_serverjd=monitor_tunnel.monitor_serverjd " 
"AND metric.metricjd=monitor.metric_id " 
"AND metric.metric_serverjd=monitor.metric_serverjd " 
"AND metric.suite= , snmp , " 
"AND metric_snmp.metricjd=metric.metric_id " 
"AND metric_snmp.metric - serverjd=metric.metric_serverjd " 
"AND metric_snmp.phase = 'two' " t 
row[4], row(5]); 

if(mysqLreaLquery(mysqLconnection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query for phase 2 monitors: Error: %s\n", 
timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 
free(sql_query); 
} else { 

free(sqLquery); 

} 



MYSQL_RES *phase_two_result; 
MYSQL_ROW monitor_row; 

phaseJwo_resu!t = mysql_storej*esult(mysql_connection); 

while(monitor_row=mysqLfetch_row(phase_two_result)) { 
char *sql_query_delete; 
int len; 

assert(sql_query_delete = mailoc(8000)); 

//additional where clauses will be appened as we go to avoid deleting the rows that 

are still in use... 

len = snprintf(sql_query_delete, 8000, "DELETE FROM 
monitorJunnel_cisco_phase_2 WHERE monitorjd=%s AND monitor_server_id=%s M , monitor_row[0], 
monitorj*ow[1]); 

inode = (index_node *) index_queue.head; 
while(inode != NULL) { 

//check if there is already a row for this session id value 
assert(sql_query = malloc(IOOO)); 
n=snprintf(sql_query, 1000, "SELECT COUNTf) AS count FROM 
monitor_tunnel_cisco_phase_2 " 

"WHERE monitorjd=%s AND monitor_server_id=%s " 

"AND phase_2_id=%d ", monitor_row[0], 

monitor_row[1], inode->value); 

MYSQL_RES *count_result; 
MYSQLJROW countjDw; 
int row_count; 

if(mysql_real_query(mysql_connection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query for phase 2 
row count: Error: %s\n", timestamp, mysql_error(mysqLconnection)); 

funlockfile(stderr); 

free(sql_query); 
row_count = 0; 

} else { 

free(sq1_query); 

count_result = mysql_storej-esult(mysql_connection); 
count_row = mysql_fetch_row(count_result); 
row_count = atoi(count_row[0]); 
mysql_free_result(count_result); 

} 

if(row_count < 1) { 

//there is no row for this session id, create one 
assert(sql_query=malloc(800)); 
n=snprintf(sql_query, 800, "INSERT INTO monitor_tunnel_cisco_phase_2 " 
"(monitorjd, monitor_server_id, phase_2jd, counter, 

timestamp) " 

'VALUES (%s, %s, %d, 0, 0)", 

monitor_row[0], monitor_row[1], 

inode->value); 

iffmysqLrealj^ueryfmysqLconnection, sql_query, n)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to 
insert into monitor_tunnel_cisco_phase_2: Error: %s\n", timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 



free(sql_query); 
} else { 

free(sql_query); 

} 

//update the delete query to not delete this row (since it still is in 

use) 

char *temp_string; 

temp_string = strdup(sql_query_delete); 

len = snprintf(sql_query_delete, 8000, n %s AND NOT(phase2_id=%d) ", 
temp_string, inode->value); 

free(temp_string); 
inode = (index_node *)inode->next; 
} 

//execute the delete for all rows for this monitor that were not still in use 
if(mysqLreal_query(mysqLconnection, sql_query_delete, len)!=0) { 
flockfile(stderr); 

fprintf(stderr, "%s: Failed executing query to delete old phase 2 
rows: Error: %s\n". timestamp, mysql_error(mysql_connection)); 

funlockfile(stderr); 
free(sql_query_delete); 
} else { 

free(sql_query_delete); 

} 

} 

//cleanup the queue 
while(index_queue.head != NULL) { 

inode = (index_node *) queue_get(&index_queue); 

free(inode); 

} 

mysql_free_result(phase_two_result); 



} 

//... 

} 

mysql_free_result(result); 
return(O); 

} 



